This commit uses database functions to precompute the normalized and
tokenized tsquery required for highlighting before it is returned to the
user, and disallows highlight-time compilation of the highlight map.
The primary purpose of this is to avoid the chance for user input to
find its way directly into SQL statements, but an additional benefit is
that it becomes much simpler for high level application code to make use
of Display Field highlighting in non-search contexts.
Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Mike Rylander [Fri, 12 Oct 2018 18:43:26 +0000 (14:43 -0400)]
LP#1775958: Rework pullup mechanism to flatten more nested queries
The bulk of this commit reworks the query tree pullup logic, which is
responsible for simplifying the query tree that is used to generate the
SQL query for search. In particular, we now do a better job of finding
opportunities to merge adjacent parts of the query that have the same
requested_class (pre-dealiasing) in the face of boolean OR operators,
explicit grouping, and alternating requested_class values. The result
is fewer joins in the SQL, which should speed up all but the most
trivial searches, and generally help protect the database from mis- or
mal-constructed queries. We also now use CTEs to separate branches of
the logical search tree into discrete subqueries, which helps reduce
the total core query JOINs, and provides the planner with more options
for join order.
This also does away with the conversion of a negated atom into an
"un-phrase". Instead, we just detect and handle those directly as atoms
with a prefix, as appropriate. This allows single negated words to be
used directly in the core tsquery construct, rather than having them
require a separate join and special where clause.
Additionally, this commit handles phrases differently at both the QP and
SQL level, making use of Postgres's phrase support in modern versions
and simplifying how they're handled within the base parse tree
structure.
Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Jason Stephenson <jason@sigio.com>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
This commit implements a new global flag: opac.login_redirect_domains
When this flag is enabled, redirection from login via redirect_to will
be restricted to local URLs. For local URLs, they must either start
with a / (provide an absolute path) or the hostname in the URL must
match the current hostname and have a scheme of http, https, ftp, or
ftps.
The value for the global flag can be set to a list of comma-separated
domain names. Redirection to these domains, and subdomains/hosts
thereof, will also be allowed. For all non-local URLs allowed by the
global flag value, the scheme must be one of http, https, ftp, or ftps.
Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Jason Stephenson <jason@sigio.com>
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
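The redirect_to rule described in the commit message above, sketched as an added example (not Evergreen's code, which this page does not show). It models the flag in its enabled state; the function names and hostnames are hypothetical, and rejecting `//host` and `/\host` targets is an extra precaution that the commit message does not state.

```python
from urllib.parse import urlsplit

# Schemes the commit message names for local and allowlisted URLs.
ALLOWED_SCHEMES = {"http", "https", "ftp", "ftps"}


def parse_flag(value):
    """Split the comma-separated flag value into normalized domain names."""
    return [d.strip().lower().rstrip(".") for d in value.split(",") if d.strip()]


def host_allowed(host, current_host, extra_domains):
    """True for the current host, an allowlisted domain, or a subdomain of one."""
    host = host.lower().rstrip(".")
    if host == current_host.lower().rstrip("."):
        return True
    # Match on a label boundary so "notexample.net" does not pass for "example.net".
    return any(host == d or host.endswith("." + d) for d in extra_domains)


def redirect_allowed(target, current_host, flag_value=""):
    """Decide whether a post-login redirect_to value may be followed."""
    # Control characters (CR, LF, tab, ...) have no place in a redirect target.
    if not target or any(ord(c) < 0x20 for c in target):
        return False
    if target.startswith("/"):
        # An absolute path is local. "//host" and "/\host" are treated by
        # browsers as another host, so they are refused (added precaution).
        return not target.startswith(("//", "/\\"))
    try:
        parts = urlsplit(target)
    except ValueError:          # e.g. a malformed IPv6 literal
        return False
    if parts.scheme not in ALLOWED_SCHEMES:
        return False
    # .hostname drops any userinfo, so "https://good@other.example/" is
    # judged on "other.example", the host the browser would contact.
    if not parts.hostname:
        return False
    return host_allowed(parts.hostname, current_host, parse_flag(flag_value))


if __name__ == "__main__":
    host = "catalog.example.org"            # constructed sample values
    flag = "example.net, partner.example.com"
    for t in ("/eg/opac/myopac/main", "//other.example/x",
              "https://sso.example.net/return", "https://notexample.net/"):
        print(t, "->", redirect_allowed(t, host, flag))
```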
Galen Charlton [Wed, 10 May 2023 19:45:05 +0000 (15:45 -0400)]
LP#2019150: link to AngularJS Patron Requests interface
Due to a presumed timing issue in 2018, the AngularJS patron purchase
request interface created in bug 1774277 was never linked to from the
Angular navbar (only the AngularJS one).
This patch fixes this.
To test
-------
[1] Apply the patch.
[2] From the Angular menu, go to Acquisitions -> Patron Requests
and verify that it loads the AngularJS interface rather
than the legacy Dojo one.
Jason Boyer [Fri, 12 May 2023 17:44:14 +0000 (13:44 -0400)]
LP1915326: Followup to Silence Offline / Shared Worker Errors
The user agent string hasn't been 'PhantomJS' for quite some time, so look for
'Headless' and add that to the Firefox launcher. Also redirect requests for
offline-db-worker.js to the current directory.
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Signed-off-by: Jane Sandberg <js7389@princeton.edu>
Several tests of egOrg started failing when Lovefield
was added as a dependency. This patch fixes them by
ensuring that Lovefield is loaded.
To test
-------
[1] Go to Open-ILS/web/js/ui/default/staff and run
`npm run test`. Note that six tests fail because
'lf' is undefined.
[2] Apply the patch and repeat step 1. This time, all
of the tests should pass.
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Signed-off-by: Jane Sandberg <js7389@princeton.edu>
Jeff Davis [Tue, 7 Feb 2023 19:33:07 +0000 (11:33 -0800)]
LP#1778567: don't return cached list/tree before updating
The absorbList function can be used to append items to an existing
cached list (and ditto for absorbTree), so we shouldn't start off by
returning the cached version.
Thanks to James Fournie for catching this.
Signed-off-by: Jeff Davis <jdavis@sitka.bclibraries.ca>
Signed-off-by: Ruth Frasur <rfrasur@library.in.gov>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Stephanie Leary [Wed, 3 May 2023 17:39:41 +0000 (17:39 +0000)]
LP2002363 Aria labels for catalog search +/- buttons
Adds aria-label to the staff catalog search row plus/minus buttons. The
labels match the title attributes on the buttons, to allow dictation
users to identify the phrases that should be spoken to select the
buttons.
Jane Sandberg [Mon, 6 Mar 2023 00:57:50 +0000 (16:57 -0800)]
LP1808016: improve error handling by open-ils.pcrud
This patch ensures that requests to open-ils.pcrud return
an error code (before the request completion code) when
a permissions or constraint check fails.
To test
-------
[1] Make an invalid request, e.g., by attempting to create a claim
type whose owner is not set in the Acquisitions Claiming admin
interface.
[2] Note that the user interface reports that the action succeeds
(although the new claim type is not actually created).
[3] Apply the patch and repeat step 1. This time, the admin interface
should report that the creation failed.
Jane Sandberg [Wed, 1 Mar 2023 17:37:32 +0000 (09:37 -0800)]
LP2008918: default modal background color
To test:
1) Open the holdings editor in the angular staff catalog
2) right click on an item
3) select Add/Manage Item notes
4) Note that you can't see the text at the top of the modal, nor can you see the close button
5) Apply this patch and repeat steps 1-3
6) Note that the modal header is a darker color, so the text and close button are again visible.
Dan Briem [Sat, 4 Mar 2023 21:10:44 +0000 (21:10 +0000)]
LP#1901072 Menus Don't Recognize Max Recent Patrons Setting
On the Angular menu, both Retrieve Last Patron and Recent Patrons
links appear under Circulation, regardless of what the "Number of
Retrievable Recent Patrons" setting is set to.
On both the AngularJS and Angular menus, both links appear under
Circulation (Experimental).
On the Angular menu, Circulation->Retrieve Recent Patrons links
to the Angular interface instead of the AngularJS interface.
To test this fix:
1. Set Enable Angular Circulation Menu setting to True
2. Set Number of Retrievable Recent Patrons setting to 0
- Retrieve Last Patron and Recent Patrons links don't appear
3. Set to 1 or unset (default fallback is 1)
- Retrieve Last Patron link appears only
4. Set to greater than 1
- both links appear
- Circulation->Retrieve Recent Patrons loads the AngJS interface
Signed-off-by: Dan Briem <dbriem@wlsmail.org>
Signed-off-by: Susan Morrison <smorrison@georgialibraries.org>
Signed-off-by: Jane Sandberg <js7389@princeton.edu>
Stephanie Leary [Mon, 8 May 2023 22:37:27 +0000 (22:37 +0000)]
LP2015137 Tab order for admin splash link tables
Replaces row/column logic with CSS columns in the link table component
used in settings screens. This allows the user to tab through the
settings in alphabetical order, rather than the three-across groupings
that previously broke up similarly named settings.
Galen Charlton [Wed, 29 Mar 2023 16:09:32 +0000 (12:09 -0400)]
LP#2013223: quiet browser console noise from some AngularJS grids
This patch quells console error noise from certain AngularJS grids.
To test
-------
[1] Go to the AngularJS Renew Items, Holds Shelf, or patron holds list
pages.
[2] Note that the browser console has a lot of "TypeError: action.handler is undefined"
error messages.
[3] Apply the patch and repeat step 1. This time, the "action.handler"
errors should be gone.
Galen Charlton [Fri, 31 Mar 2023 22:11:36 +0000 (18:11 -0400)]
LP#1920826: ensure that some DB updates missed in 3.6.0 are included
This patch fixes a situation where an Evergreen database that had
been upgraded to 3.6.0 at some point in its past using the
3.5.1-3.6.0 DB update script may be missing some DB revisions.
To test
-------
[1] Locate a test database that had been upgraded to 3.6.0 at some point
and is missing some or all of DB revisions 1236-1240.
[2] Run the DB update in this patch.
[3] Verify that the DB revisions are in place and that the following
bugs are resolved:
Tiffany Little [Thu, 26 Jan 2023 14:18:01 +0000 (09:18 -0500)]
LP2003946 LI ID in Search jumps to item detail page
Signed-off-by: Tiffany Little <tlittle@georgialibraries.org>
Signed-off-by: Christine Morgan <cmorgan@noblenet.org>
Signed-off-by: Michele Morgan <mmorgan@noblenet.org>
Jane Sandberg [Fri, 3 Mar 2023 23:55:43 +0000 (15:55 -0800)]
LP1972917: fix circ modifier column in course materials grid
To test:
1. Add a circulation modifier to your system if it doesn't
already have some.
2. In Local Admin > Course Materials > Edit Course > Course
Materials, turn on the circ modifier column in the grid.
3. Associate an item with the course using its barcode.
Make sure you have selected a circulation modifier and
checked the circulation modifier box.
4. Press the "Add Material" button.
5. Note that the circulation modifier column says
"[Object object]"
6. Apply this patch and repeat steps 2-4.
7. Note that the column now has the name of the circulation
modifier.
Signed-off-by: Jane Sandberg <sandbergja@gmail.com>
Signed-off-by: Jennifer Pringle <jennifer.pringle@bc.libraries.coop>
Signed-off-by: Beth Willis <willis@noblenet.org>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Michele Morgan [Wed, 1 Mar 2023 17:18:09 +0000 (12:18 -0500)]
LP2001728 - Don't display circ_staff for opac and autorenewals
Item Status Circ History List: Displays the placeholder <OPAC Renewal>
or <Auto-renewal> instead of the patron information in the Check Out
Staff field.
Signed-off-by: Michele Morgan <mmorgan@noblenet.org>
Signed-off-by: Gina Monti <gmonti@biblio.org>
Signed-off-by: Jane Sandberg <sandbergja@gmail.com>
Dan Briem [Thu, 16 Mar 2023 18:21:03 +0000 (14:21 -0400)]
LP#2004052 Hold Shelf Actions Menu Includes Irrelevant Actions
Removes Activate, Suspend, Set Top of Queue, Un-Set Top of Queue,
Set Desired Item Quality, Transfer to Marked Title from the
actions menu on the Holds Shelf grid.
Signed-off-by: Dan Briem <dbriem@wlsmail.org>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Signed-off-by: Jane Sandberg <js7389@princeton.edu>
Jeff Davis [Thu, 4 May 2023 18:13:42 +0000 (11:13 -0700)]
LP#2018534: treat year as numeric when retrieving item circs by year
The open-ils.pcrud.search.circbyyr API uses EXTRACT to extract the year
from circulation timestamps. In recent versions of Postgres, the return
type for EXTRACT was changed from double precision to numeric (thanks to
Jason Boyer for noticing this!); for obscure reasons, this causes pcrud
to return the year as a string instead of a number. So, let's get the
staff client to force those values to be numbers before doing math with
them.
Signed-off-by: Jeff Davis <jeff.davis@bc.libraries.coop>
Signed-off-by: Mike Rylander <mrylander@gmail.com>
Stephanie Leary [Wed, 3 May 2023 17:18:59 +0000 (17:18 +0000)]
LP2018208 Empty alt for result record images, icons
Adds empty alt attributes for jacket images and format icons that are
immediately followed by equivalent text representations, and are
therefore redundant for screen reader users.
Stephanie Leary [Mon, 12 Dec 2022 20:27:26 +0000 (14:27 -0600)]
LP1615707 ARIA landmarks for staff interface
Adds the following ARIA landmarks and roles to the Angular staff
interface:
* <main> and role="main" for the content container
* <nav> and role="navigation" for the navbar
* role="form" for the catalog search form (which lacks a <form> tag)
* role="search" for the search tab panel inside the form
* type="search" and role="searchbox" for the search term input field
* a custom region for the bib record summary box
* <aside> and role="complementary" for the facet sidebar
To construct the ARIA label for the bib record summary, I've added an ID
to the header row of the bib summary component so the screen reader can
use the localized text.
Since the staff interface doesn't really have a header section other
than the navigation, and there is no footer, I've left out these
landmarks.
Signed-off-by: Stephanie Leary <stephanie.leary@equinoxOLI.org>
Signed-off-by: Jane Sandberg <sandbergja@gmail.com>
Galen Charlton [Thu, 30 Mar 2023 18:11:26 +0000 (14:11 -0400)]
LP#1791791: remove a regression regression on bug 1923225
This was introduced on the Bootstrap side by the patch for
bug 1955403.
To test:
[0] This applies to the Bootstrap OPAC skin.
[1] Perform a search on ISBN.
[2] Note that on the record page, the ISBN (under more details)
is not properly highlighted.
[3] Apply the patch and repeat step 1. This time, the ISBN
should be highlighted.
Garry Collum [Sun, 19 Dec 2021 01:31:22 +0000 (20:31 -0500)]
LP1791791: Google book previews not displaying from a bib linked from a search.
The javascript that queries Google Books Preview looks for ISBN(s) wrapped in
a rdetail_value class. There was a line of code in which the isbn variable
was not enclosed in this class. This patch just wraps that stray variable
into a <span> with the class.
To test:
0. Use the TPAC skin - this bug does not affect the Bootstrap skin
1. Perform a keyword search for a bib that should have a google book's link.
As of March 2023, ISBN 9780786496570 has previews enabled.
2. Go to the bib display and notice that there is no link.
3. Remove the ';query=something' text from the url and notice that the
google book information displays.
4. Apply the patch.
5. Perform the same search. The google book information should now display.
LP#1863387: multi-select now allows filtering shelving locations by owner
The Angular multi-select component now has a special case for
shelving locations: when the IDL class of "acpl" is selected,
rather than just displaying a combobox, the item-location-select
component followed by an org selector and checkbox is displayed.
The org selector defaults to workstation OU and is used to restrict
the list of shelving locations displayed in the shelving location
combobox to the context org unit and its ancestors. If the checkbox
is also selected, descendants of the context OU are included as well.
The effect of this is to allow large consortia to more efficiently
select the shelving locations to be used by a carousel.
To test
-------
[1] Apply the patch.
[2] Create or edit carousel definitions. Verify that the widget
for the carousel's shelving locations now displays both a
combobox for the location selector as well as one for the
location owning library. Further verify that when the OU
selector for the owning library is changed, that the list
of available shelving locations reflects the locations available
at the ancestors of the filter OU. Also verify that the
"Include descendants?" checkbox updates the list of available
locations as well.
Stephanie Leary [Mon, 9 Jan 2023 19:46:53 +0000 (13:46 -0600)]
LP1970946 Adjust color contrast in result highlights
Lowers the contrast on search result match highlights in the staff
catalog, and changes the highlight tag from <b> (PostgreSQL's default),
to <mark> (new in HTML5).
As an additional consequence, the color contrast for highlighted
search terms in the Bootstrap OPAC (using default styles) improves
from 4.38 to 17.12.
Stephanie Leary [Thu, 9 Mar 2023 16:08:40 +0000 (16:08 +0000)]
LP2009865 Revised search result headings & source order
Revises the hierarchy of headings in the search results. In combination
with the H1 provided in bug #1994711, the result is now:
h1. Staff Catalog
    h2. Search Results (N)
        (repeat for each result:)
        h3. [Title] [Author]
    h2. Facets
        (repeat for each facet box:)
        h3. [Facet title]
The source order of the results list and facet sidebar have been
swapped. The facets still appear on the left visually, but now fall
after the results in the document.
Patch alters the markup within <eg-staff-banner> to include H1 headings
for page titles.
The patch also includes a new CSS file for the course page component,
which appears to be the only component taking advantage of the custom
classes and icons for page titles. I've made archived course titles gray
and italicized.
Jeff Davis [Tue, 15 Nov 2022 23:11:49 +0000 (15:11 -0800)]
LP#1996651: treat empty string as null for preferred name/alias in wide_hold_data
This prevents the patron name from appearing blank in the hold shelf
"User Display Name" or "User Alias or Display Name" columns when the
alias or preferred name fields are empty strings.
Signed-off-by: Jeff Davis <jeff.davis@bc.libraries.coop>
Signed-off-by: Susan Morrison <smorrison@georgialibraries.org>
Signed-off-by: Jane Sandberg <sandbergja@gmail.com>
LP#1716479: (follow-up) fix handling of onSave callbacks for AngularJS MARC edit
This patch fixes an issue that has been present for a while but
clarified by Beth Wills in the course of testing the base patch
for this bug.
Specifically, the routine to process onSave callbacks was
not bound to the scope properly, meaning that the wrong onSave
callbacks could be run when dealing with multiple active
egMarcEditRecords.
Jane Sandberg [Thu, 29 Aug 2019 01:09:35 +0000 (18:09 -0700)]
LP1716479: Make sure authority linker works in embedded MARC editors
1) Perform a z39.50 search
2) Select a record
3) Click Edit then Import
4) Click on the link next to any authorizable field.
5) You will see a mysteriously data-free heading: {{bibField.tag}} {{bibField.ind1}}{{bibField.ind2}}
6) Clicking on the "Immediately" and "Create and edit" buttons doesn't work.
7) Apply this patch and repeat steps 1-6.
8) Note that the heading is now correct, and the buttons work.
Signed-off-by: Jane Sandberg <sandbej@linnbenton.edu>
Signed-off-by: Jennifer Weston <jennifer.weston@equinoxOLI.org>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Fix "Installing PostgreSQL server packages" heading. It was showing
up as a list entry.
Drop the text about installing additional packages for the database,
since there are none to install at this time. (We could replace that
with a subsection on the packages required for a standalone database
server without all of Evergreen installed on it.)
Add a "Create the Evergreen PostgreSQL user" heading above the
instructions to create the evergreen user in the database.
Co-authored-by: Ben Shum <ben@evergreener.net>
Signed-off-by: Jason Stephenson <jason@sigio.com>
Terran McCanna [Wed, 19 Oct 2022 14:54:19 +0000 (10:54 -0400)]
LP1970476 Where filter in Bootstrap Catalog Produces Unwanted Results
Prior to this change, the Advanced Search page split the library selector
and the "Where" scope selector into two separate dropdown lists that
produced unexpected results when both were used.
This change uses the same approach as the combined dropdown on the Basic
search page instead.
Signed-off-by: Terran McCanna <tmccanna@georgialibraries.org>
Signed-off-by: Michele Morgan <mmorgan@noblenet.org>
Signed-off-by: John Amundson <jamundson@cwmars.org>
Signed-off-by: Jason Stephenson <jason@sigio.com>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
Galen Charlton [Fri, 31 Mar 2023 13:43:53 +0000 (09:43 -0400)]
LP#1752334: (follow-up) adjust to allow "0" as a note
Also ignore the additional note parameter if all it has
are zero or more whitespace characters.
It's unlikely that a client would want to set the additional
note to "0", but it's nonetheless a good idea to distinguish
between different versions of Perl's false value.
Josh Stompro [Thu, 28 Feb 2019 16:41:01 +0000 (10:41 -0600)]
LP#1752334 - BadContact, use additional note if provided.
If an additional note is provided when marking a contact invalid,
then that note should be appended to the penalty note field.
This change adds that functionality. This doesn't change the results
for staff that are using the invalidate buttons in the client, since
there isn't a chance to add an additional note from that interface.
But if someone is calling open-ils.actor.invalidate.email via some other
method, then you can specify the additional note.
I would like to be able to add extra notes when automatically processing
bounced emails, to give staff a clue as to why the email failed. Such as
"<email> Account over quota for past 3 weeks, ask patron to check their account."
Includes a new perl live test to check the new behavior, along with all
the open-ils.actor.invalidate.* call options.
Testing plan:
Before fix.
1. Choose a patron with an email address and note their patron id number.
2. Run an srfsh shell.
3. Login to get an auth token 'login username password'
4. Run the invalidate email command to mark the user's email invalid, including
an additional note value.
    srfsh# request open-ils.actor open-ils.actor.invalidate.email "<authtoken>" "<patronid>" "Testing Additional Note"
5. Take a look at the patron account and see that the penalty message only
includes a copy of the email address that was marked invalid.
After fix.
1. Restart the opensrf actor service if needed to re-read the changed perl module.
    osrf_control -l --service open-ils.actor --restart
2. Remove the penalty and re-add email address to test patron's account.
3. Run an srfsh shell.
4. Login to get an auth token 'login username password'
5. Run the invalidate email command to mark the user's email invalid,
including an additional note value.
    srfsh# request open-ils.actor open-ils.actor.invalidate.email "<authtoken>" "<patronid>" "Testing Additional Note"
6. Take a look at the patron account and see that the penalty message note
now includes the additional note.
Run the live test at Evergreen/Open-ILS/src/perlmods/live_t
    perl ./36-lp1752334-badcontact.t
Jane Sandberg [Thu, 21 Jul 2022 00:00:24 +0000 (20:00 -0400)]
LP1879517: Surveys shouldn't end before they begin
To test:
1. Go to Admin > Local > Surveys.
2. Create a new survey.
3. Attempt to create a survey where the end date
comes before the start date. Without this patch, you will get
no notice that this is invalid, and you can save the invalid
record.
4. Edit an existing survey.
5. Repeat step 3 while editing the existing survey.
6. Apply the patch.
7. Repeat steps 1-5. Note that you now get a notice and
cannot save if the end date is before the start date.
This commit generalizes a validator already present in the booking
module, and corrects several small bugs related to the datetime-select
component.
Signed-off-by: Jane Sandberg <sandbergja@gmail.com>
Signed-off-by: Susan Morrison <smorrison@georgialibraries.org>
Signed-off-by: Jason Boyer <JBoyer@equinoxOLI.org>
blake [Tue, 15 Mar 2022 16:48:12 +0000 (11:48 -0500)]
LP#1964986: encourage distinct results when querying the ahopl IDL source
This patch addresses a now-theoretical issue where a direct PCRUD
query of ahopl could return duplicate rows in cases where the patron
linked to the hold request has multiple penalties attached.
The significance of this change is likely minor nowadays, as ahopl
was directly used by Evergreen only by the Dojo and AngularJS hold
pull lists, and as of 3.8 the Evergreen Angular pull list uses a
different approach for querying the pull list. However, until such
time as ahopl is deprecated and removed, this change may help
local integrations.
This commit adds two types of simple DoS protection:
* Limit concurrent search requests per client IP address, regardless of
the searches being performed. This helps address issues of accidental
spamming from a malfunctioning OPAC workstation, or crawlers of various
types. The limit is controlled by a global flag called
"opac.max_concurrent_search.ip".
* Limit the global concurrent search requests for the same query. This
helps address both simple and distributed DoS that send the same search
request over and over. The limit is controlled by a global flag called
"opac.max_concurrent_search.query", and defaults to 20.
When the limit is exceeded in either case the client receives an HTTP
429 "Too many requests" response from the web server, and the connection
is ended.
Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Jason Stephenson <jason@sigio.com>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>
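The two concurrency limits from the commit message above, as an added example rather than Evergreen's implementation (which this page does not show). It assumes a single process with in-memory counters and an exact-match query key; the class and function names and the per-IP limit value are hypothetical, while the per-query default of 20 and the 429 response come from the commit message.

```python
import threading
from collections import Counter


class SearchLimiter:
    """Counts in-flight searches per client IP and per query string."""

    def __init__(self, max_per_ip, max_per_query=20):
        self.max_per_ip = max_per_ip          # cf. opac.max_concurrent_search.ip
        self.max_per_query = max_per_query    # cf. opac.max_concurrent_search.query
        self._by_ip = Counter()
        self._by_query = Counter()
        self._lock = threading.Lock()

    def try_acquire(self, ip, query):
        """Reserve a slot for this search, or return False if a limit is hit."""
        with self._lock:
            # Check both limits before incrementing either, so a rejected
            # request never leaves a stray count behind.
            if self._by_ip[ip] >= self.max_per_ip:
                return False
            if self._by_query[query] >= self.max_per_query:
                return False
            self._by_ip[ip] += 1
            self._by_query[query] += 1
            return True

    def release(self, ip, query):
        """Give the slot back once the search has finished or failed."""
        with self._lock:
            for counter, key in ((self._by_ip, ip), (self._by_query, query)):
                counter[key] -= 1
                if counter[key] <= 0:
                    del counter[key]          # keep the tables from growing

    def in_flight(self, ip=None, query=None):
        """Current count for an IP or a query (for tests and monitoring)."""
        with self._lock:
            return self._by_ip[ip] if ip is not None else self._by_query[query]


def handle_search(limiter, ip, query, run_search):
    """Run a search under the limiter; answer 429 when over a limit."""
    if not limiter.try_acquire(ip, query):
        return 429, "Too many requests"
    try:
        return 200, run_search(query)
    finally:
        # Release even when the search raises, or the slot leaks and the
        # client (or the query) stays locked out.
        limiter.release(ip, query)


if __name__ == "__main__":
    lim = SearchLimiter(max_per_ip=2)         # constructed per-IP limit
    print(handle_search(lim, "203.0.113.5", "keyword: cats", lambda q: ["hit"]))
```

In a multi-process web server the counters would need to live in a store shared by all workers; the in-memory tables here only show the accounting.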
With this commit we throw away searches with invalid qtype value based
on configured classes and aliases. Invalid qtype values have been seen
in the wild as part of attempted (but failed) SQL injection attacks, so
we will tighten up what we accept.
As an additional (unrelated) bonus, this commit also avoids prepending
the search class on basic search when the class (from qtype) is not
exactly "keyword".
Signed-off-by: Mike Rylander <mrylander@gmail.com>
Signed-off-by: Jason Stephenson <jason@sigio.com>
Signed-off-by: Galen Charlton <gmc@equinoxOLI.org>